similar to: asterisk-users Digest, Vol 80, Issue 73

I have fail2ban on my mail server monitoring Dovecot and Exim. I have noticed that it has stopped banning IP's. I have seen in /var/log/fail2ban.log: 2020-04-07 09:42:05,875 fail2ban.filter [16138]: INFO [dovecot] Found 77.40.61.224 - 2020-04-07 09:42:05 2020-04-07 09:42:06,408 fail2ban.actions [16138]: NOTICE [dovecot] Ban 77.40.61.224 2020-04-07 09:42:06,981

On 4/7/20 11:54 AM, Gary Stainburn wrote: > I have fail2ban on my mail server monitoring Dovecot and Exim. > > I have noticed that it has stopped banning IP's. I have seen in /var/log/fail2ban.log: > > 2020-04-07 09:42:05,875 fail2ban.filter [16138]: INFO [dovecot] Found 77.40.61.224 - 2020-04-07 09:42:05 > 2020-04-07 09:42:06,408 fail2ban.actions [16138]:

Is anyone using asterisk with fail2ban? I have it working except it takes way more break-in attempts than what is set in "maxretry" in jail.conf For example, I get an email saying: "The IP 199.204.45.19 has just been banned by Fail2Ban after 181 attempts against ASTERISK." when "maxretry = 5" in jail.conf Perhaps someone else is experiencing this or has resolved it,

> > > > /var/log/fail2ban.log is showing that it's working: > > I have seem similar odd behaviour with f2b with other filters. > Try to uninstall the package > fail2ban-systemd > and stop and start fail2ban again. > This might change its behavior to the better. > The fail2ban-systemd package configures fail2ban to use systemd journal for log input. The OP

On Mon, December 18, 2017 3:06 am, Alex JOST wrote: > Did you enable the dovecot service in fail2ban? By default all jails are > disabled. > > /etc/fail2ban/jail.conf: > [dovecot] > enabled = true Alex, thanks no, not in jail.conf, I've put it in the (1) /etc/fail2ban/jail.local I've also added postfix, that seems to work: I've made test failed dovecot and

On Sat, Aug 03, 2019 at 04:50:05PM +0100, Giles Coochey wrote: > > On 02/08/2019 19:38, Jon LaBadie wrote: > > On Fri, Aug 02, 2019 at 10:19:49AM -0400, mark wrote: > > > Fred Smith wrote: > > > > On Fri, Aug 02, 2019 at 09:28:23AM -0400, mark wrote: > > > <MVNCH> > > I've been using fail2ban for some time, I have a number of ports open

On 05/08/2019 09:18, Pete Biggs wrote: >> I've found the default 10min bans hardly bother some attackers. >> So I've added the "recidive" feature of fail2ban. After the >> second 10min ban, the attacker is blocked for 1 week. >> > Oh definitely. My systems are set to "3 bans and you're out" - a > recidive ban is permanent after three

> > I've found the default 10min bans hardly bother some attackers. > So I've added the "recidive" feature of fail2ban. After the > second 10min ban, the attacker is blocked for 1 week. > Oh definitely. My systems are set to "3 bans and you're out" - a recidive ban is permanent after three other bans. I have large parts of some subnets in my ban

On Mon, Aug 05, 2019 at 09:31:56AM +0100, Giles Coochey wrote: > > On 05/08/2019 09:18, Pete Biggs wrote: > > > I've found the default 10min bans hardly bother some attackers. > > > So I've added the "recidive" feature of fail2ban. After the > > > second 10min ban, the attacker is blocked for 1 week. > > > > > Oh definitely. My

I got the fail2ban from epel. There were a number of issues relating to using a log file... logwatch was looking for both fail2ban and fail2ban.log logrotate file fail2ban added looked for fail2ban.log and then reset itself to syslog fail2ban itself went to syslog, over riding its fail2ban.log. took a while, but I use /var/log/fail2ban now, that finally worked through logrotates and logwatch.

Hi! Am 09.04.20 um 10:07 schrieb Rob Kampen: [...] > I too had fail2ban fail after an otherwise successful yum update. Mine occurred in Feb when my versions of firewalld etc were updated to the versions you show. Thus far I have not had the opportunity to sort the problem. Lockdown has been quite busy so far, hopefully some slower times coming next week. Yeah, those pesky real-life biological

On 1/9/20 2:08 AM, Pete Biggs wrote: >> Has anyone created a fail2ban filter for this type of attack? As of >> right now, I have manually banned a range of IP addresses but would >> like to automate it for the future. >> > As far as I can see fail2ban only deals with hosts and not networks - I > suspect the issue is what is a "network": It may be obvious to

P? Tue, 31 Dec 2019 18:53:38 +0000 John H Nyhuis <jnyhuis at uw.edu> skrev: > Just a random stab in the dark, but CEntOS6 was iptables, and CentOS7 > is firewalld. They take different fail2ban packages. > > CentOS6 = fail2ban > CentOS7 = fail2ban-firewalld > > Are you sure you are running the correct fail2ban package for your > firewall? (I screwed this up myself

On Friday 19 April 2019 15:19:26 Pete Biggs wrote: > > I've added a fail regex to /etc/fail2ban/filter.d/exim.conf as suggested > > on another page: > > The standard exim.conf already has a 535 filter. Was that not working > for you? I was following the instructions as shown on the page. I did find after sending my post that there was already a regex in the standard

> I've added a fail regex to /etc/fail2ban/filter.d/exim.conf as suggested on > another page: The standard exim.conf already has a 535 filter. Was that not working for you? > > \[<HOST>\]: 535 Incorrect authentication data > > which appears to be successfully matchnig lines in /var/log/exim/mail.log such > as > > 2019-04-19 13:06:10 dovecot_plain

Been working on my anti-spam centos mailserver for a while now and thought I would share fail2ban's help. I installed fail2ban a few weeks back. It was tough to get it working properly but pretty much working now. Although it works fine for brute force, I thought I would run it pretty tough against spammers. I started with a regular mail server, my old one, that is horrendously pounded

I find csf/lfd much easier to configure and can be used in combination with fail2ban. Gary Stainburn <gary.stainburn at ringways.co.uk> wrote: >I've followed one of the pages on line specifically for installing fail2ban on >Centos 7 and all looks fine. > >I've added a fail regex to /etc/fail2ban/filter.d/exim.conf as suggested on >another page: > >

On Friday 19 April 2019 16:15:32 Kenneth Porter wrote: > On 4/19/2019 5:30 AM, Gary Stainburn wrote: > > I've followed one of the pages on line specifically for installing fail2ban on > > Centos 7 and all looks fine. > > Which page? It would help to see what they advised. > On Friday 19 April 2019 16:15:32 Kenneth Porter wrote: > On 4/19/2019 5:30 AM, Gary Stainburn

This should probably be a bug report for the fail2ban EPEL maintainer, the problem was introduced in version 0.9.3 >From the file /etc/fail2ban/action.d/iptables-common.conf ... # Option: lockingopt # Notes.: Option was introduced to iptables to prevent multiple instances from # running concurrently and causing irratic behavior. -w was introduced # in iptables 1.4.20, so

Hi! I have a server running CentOS 7.7 (1908) with all current patches installed. I think this server should be a quite standard installation with no specialities On this server I have fail2ban with an apache and openvpn configuration. I'm using firewalld to manage the firewall rules. Fail2an is configured to use firewalld: [root at server ~]# ll /etc/fail2ban/jail.d/ insgesamt 12